With a variety of risks growing out of the pandemic, cybersecurity control failures was listed as the top executive concern during Q1 2021. According to the Gartner Emerging Risks Monitor Report, 67% of senior executives stated that the risk of cybersecurity control failure is their number one concern.
The Gartner poll consisted of 165 senior-level executives of different industries and regions, reflecting that these risks are prevalent concerns across the board. Second to cybersecurity risk, “the new working model” was cited as a top emerging risk. All top five concerns were internal risks, with remote talent management, organizational cultural degradation, and strategic corrections rounding out the list of pressing concerns according to executives. This is not to say that there is any shortage of external risks impacting operational activities, but the risk areas highlighted show just how much COVID-19 has impacted businesses and their future operations in a digital-first world.
For more information on Cyber and IT Risk Management post-COVID-19, download Gartner’s NEW Hype Cycle for Cyber & IT Risk Management report.
“Many organizations were forced to implement quick fixes to serious operational gaps as a result of their initial pandemic responses,” said Matt Shinkman, Vice President with the Gartner Risk and Audit Practice. “Nowhere has that been more apparent than in cybersecurity policies that have prioritized on-premises security over secure remote work access. Executives responsible for these areas are realizing that the time to enact more sustainable and robust policies is now.”
With the pandemic and mandated lockdowns spurring a rapid switch to remote work setups, IT and security teams had to hastily retrofit their risk management strategies to accommodate remote work access and expand their VPN network for the whole enterprise. Integrated risk management has come into clear focus for organizations looking to reinvent risk management across all layers including technical to strategic. Loosely secured remote work environments have been the root cause of greater cybersecurity control concerns.
According to the poll, most executives agree that as remote work setups become more of a permanent feature of work environments - security and IT teams need to improve on securing the network and remote access. In order to remediate certain risks, Gartner recommends implementing an identity-first security protocol and transferring endpoint protection services to the cloud.
Following protracted vaccine rollout and reputational risks from citizen journalism, compromised cybersecurity controls also ranked third in “risk velocity” in an alternative report metric that was measured. Gartner assessed risk velocity by evaluating executive polling data with data on the potential impact and growing speed of the risk.
“Risk velocity can help executives see blind spots of emerging risks that might be moving towards an organization quickly, but aren’t appreciated yet by their peers,” said Mr. Shinkman. “However, in the case of cybersecurity risk, it’s good to see that the level of awareness among executives matches the severity of the risk facing their organizations.”